
Saudi Aramco Cyberattack Came From Foreign States

Saudi Arabia blamed unidentified people based outside the kingdom for a cyberattack against state-owned Saudi Arabian Oil Co. that aimed at disrupting production from the world’s largest exporter of crude.

More than 30,000 computers were compromised or affected by a so-called “spear-phishing” attack from Aug. 15, raising concerns about the threat hackers may pose to output at the company known as Saudi Aramco, Abdullah al-Saadan, vice president for corporate planning, said today at a news conference in the eastern city of Dhahran.

Major General Mansour Al-Turki, a spokesman for the Interior Ministry, declined to identify any of the “several foreign countries” from which the attack originated because the investigation is still in progress. “The attack failed to reach its ultimate goal, which was to stop the flow of Saudi oil,” he said at the conference.

Saudi Arabia is the largest producer in the Organization of Petroleum Exporting Countries, which supplies 40 percent of the world’s crude. The kingdom has accused Shiite-led Iran, a fellow OPEC member, of interfering in the affairs of Arab countries in the Persian Gulf, home to three-fifths of the world’s proven oil reserves. Iran denies the charge and accuses Sunni Muslim rulers in Bahrain and Saudi Arabia of discriminating against Shiites.

U.S. Defense Secretary Leon Panetta and other American officials have suggested that the Aramco attack is evidence of a brewing global cyber war, one in which countries including Iran are improving their ability to target companies and governments. The virus destroyed data on servers and erased hard drives on individual computers.

Aramco has purged the computer virus from its network and taken steps to prevent further security breaches, al-Turki said. Al-Saadan said none of the company’s employees or contractors were complicit in the attack, which had no effect on output of crude oil or refined products.

“The fact that not a single drop of oil stopped during the attack is an assurance to global markets that Saudi production is safe,” al-Saadan said. Saudi Arabia pumped 9.7 million barrels a day of crude in November and has an estimated production capacity of 12.5 million barrels, according to data compiled by Bloomberg.

Circumstantial Evidence

Aramco said on Sept. 10 that its entire computer network was operating normally after the virus arrived through an e-mail. The percentage of computers damaged was small relative to the size of the network, al-Saadan said.

Two U.S. intelligence officials said in interviews that the evidence implicating Iran in the Aramco attack is largely circumstantial, though they said the breach does fit a pattern of increased Iranian cyber warfare activity since 2010, after a sophisticated virus known as Stuxnet attacked Iran’s main uranium enrichment facilities.

“Saudi Aramco faced thousands of cyberattacks before, and it will face similar attacks in future,” al-Saadan said. “We will continue taking measures and enhance our security.”

Treasury & Risk
